[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

Fri, 08 Aug 2008 10:33:39 -0700 

"ragavgomatam" wrote : There is, I believe another way, without using FORM 
authentication, you can use Programmatic login (using WebAuthentication) . You 
will have to refer to the documentation for more details..Check out this url 
  | http://wiki.jboss.org/wiki/WebAuthentication

Hello, ragavgomatam!

I've been testing WebAuthentication, as suggested by you, and I'm getting some 
good, and also strange, results. Below are some test that I made (with 
comments):

Test 1 (with a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("90000005", "1vgd4m");
  | System.out.println(context.getUserPrincipal()); // 90000005
  | System.out.println(context.isUserInRole("USUARIO")); // true
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // true
  |             
  | // Session bean method call ok
  | 
System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome());
 // 'CRAJUBAR'
  |             
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 2 (without a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("90000005abc", "1vgd4mabc");
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  |             
  | // Session bean method call ok (but why?)
  | 
System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome());
 // 'CRAJUBAR'
  |             
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 3 (without authentication):


  | // Session bean method call ok (but why? this is very strange)
  | 
System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome());
 // 'CRAJUBAR'
  | 

Could you explain why the session bean's method calls are working even with a 
invalid user and even without authentication?

Thank you.

Marcos

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169664#4169664

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169664
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to